]> git.kaiwu.me - nginx.git/commit
projects / nginx.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6a85137) | patch
Mail: fixed clearing s->passwd in auth http requests.
authorSergey Kandaurov <pluknet@nginx.com>
Wed, 18 Mar 2026 12:39:37 +0000 (16:39 +0400)
committerRoman Arutyunyan <arutyunyan.roman@gmail.com>
Tue, 24 Mar 2026 18:33:23 +0000 (22:33 +0400)
commit0f71dd8ea94ab8c123413b2e465be12a35392e9c
tree9f426e49858ca3a6239f6cb1967eccf2eb6ce259tree | snapshot
parent6a8513761fb327f67fcc6cfcf1ad216887e2589fcommit | diff
Mail: fixed clearing s->passwd in auth http requests.

Previously, it was not properly cleared retaining length as part of
authenticating with CRAM-MD5 and APOP methods that expect to receive
password in auth response.  This resulted in null pointer dereference
and worker process crash in subsequent auth attempts with CRAM-MD5.

Reported by Arkadi Vainbrand.
src/mail/ngx_mail_auth_http_module.c diff | blob | history
nginx upstream